{{- $cert := "Cg==" }} {{- $certSecret := lookup "v1" "Secret" .Release.Namespace (include "cert-name" .) }} {{- if $certSecret }} {{- if (index ($certSecret.data) "tls.crt") }} {{- $cert = (index $certSecret.data "tls.crt") }} {{- end }} {{- end }} apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: {{- with .Values.clusterOwnerRefereces }} ownerReferences: {{- toYaml . | nindent 4 }} {{- end }} name: {{ .Release.Name }} namespace: {{ .Release.Namespace }} {{- with (.Values.webhooks).annotations }} annotations: {{ toYaml . | nindent 4 }} {{- end }} webhooks: - name: sgcluster.validating-webhook.stackgres.io sideEffects: None rules: - operations: ["CREATE", "UPDATE"] apiGroups: ["stackgres.io"] apiVersions: ["*"] resources: ["sgclusters"] failurePolicy: Fail clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ .Release.Name }} path: '/stackgres/validation/sgcluster' caBundle: {{ $cert }} admissionReviewVersions: ["v1"] {{- if .Values.allowedNamespaces }} namespaceSelector: matchLabels: stackgres.io/scope: {{ .Release.Namespace }}.{{ .Release.Name }} {{- else if .Values.allowedNamespaceLabelSelector }} namespaceSelector: matchLabels: {{ toYaml .Values.allowedNamespaceLabelSelector | nindent 8 }} {{- end }} - name: sgpgconfig.validating-webhook.stackgres.io sideEffects: None rules: - operations: ["CREATE", "UPDATE", "DELETE"] apiGroups: ["stackgres.io"] apiVersions: ["*"] resources: ["sgpgconfigs"] failurePolicy: Fail clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ .Release.Name }} path: '/stackgres/validation/sgpgconfig' caBundle: {{ $cert }} admissionReviewVersions: ["v1"] {{- if .Values.allowedNamespaces }} namespaceSelector: matchLabels: stackgres.io/scope: {{ .Release.Namespace }}.{{ .Release.Name }} {{- else if .Values.allowedNamespaceLabelSelector }} namespaceSelector: matchLabels: {{ toYaml .Values.allowedNamespaceLabelSelector | nindent 8 }} {{- end }} - name: sgpoolconfig.validating-webhook.stackgres.io sideEffects: None rules: - operations: ["CREATE", "UPDATE", "DELETE"] apiGroups: ["stackgres.io"] apiVersions: ["*"] resources: ["sgpoolconfigs"] failurePolicy: Fail clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ .Release.Name }} path: '/stackgres/validation/sgpoolconfig' caBundle: {{ $cert }} admissionReviewVersions: ["v1"] {{- if .Values.allowedNamespaces }} namespaceSelector: matchLabels: stackgres.io/scope: {{ .Release.Namespace }}.{{ .Release.Name }} {{- else if .Values.allowedNamespaceLabelSelector }} namespaceSelector: matchLabels: {{ toYaml .Values.allowedNamespaceLabelSelector | nindent 8 }} {{- end }} - name: sginstanceprofile.validating-webhook.stackgres.io sideEffects: None rules: - operations: ["CREATE", "UPDATE", "DELETE"] apiGroups: ["stackgres.io"] apiVersions: ["*"] resources: ["sginstanceprofiles"] failurePolicy: Fail clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ .Release.Name }} path: '/stackgres/validation/sginstanceprofile' caBundle: {{ $cert }} admissionReviewVersions: ["v1"] {{- if .Values.allowedNamespaces }} namespaceSelector: matchLabels: stackgres.io/scope: {{ .Release.Namespace }}.{{ .Release.Name }} {{- else if .Values.allowedNamespaceLabelSelector }} namespaceSelector: matchLabels: {{ toYaml .Values.allowedNamespaceLabelSelector | nindent 8 }} {{- end }} - name: sgbackupconfig.validating-webhook.stackgres.io sideEffects: None rules: - operations: ["CREATE", "UPDATE", "DELETE"] apiGroups: ["stackgres.io"] apiVersions: ["*"] resources: ["sgbackupconfigs"] failurePolicy: Fail clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ .Release.Name }} path: '/stackgres/validation/sgbackupconfig' caBundle: {{ $cert }} admissionReviewVersions: ["v1"] {{- if .Values.allowedNamespaces }} namespaceSelector: matchLabels: stackgres.io/scope: {{ .Release.Namespace }}.{{ .Release.Name }} {{- else if .Values.allowedNamespaceLabelSelector }} namespaceSelector: matchLabels: {{ toYaml .Values.allowedNamespaceLabelSelector | nindent 8 }} {{- end }} - name: sgbackup.validating-webhook.stackgres.io sideEffects: None rules: - operations: ["CREATE", "UPDATE", "DELETE"] apiGroups: ["stackgres.io"] apiVersions: ["*"] resources: ["sgbackups"] failurePolicy: Fail clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ .Release.Name }} path: '/stackgres/validation/sgbackup' caBundle: {{ $cert }} admissionReviewVersions: ["v1"] {{- if .Values.allowedNamespaces }} namespaceSelector: matchLabels: stackgres.io/scope: {{ .Release.Namespace }}.{{ .Release.Name }} {{- else if .Values.allowedNamespaceLabelSelector }} namespaceSelector: matchLabels: {{ toYaml .Values.allowedNamespaceLabelSelector | nindent 8 }} {{- end }} - name: sgdistributedlogs.validating-webhook.stackgres.io sideEffects: None rules: - operations: ["CREATE", "UPDATE", "DELETE"] apiGroups: ["stackgres.io"] apiVersions: ["*"] resources: ["sgdistributedlogs"] failurePolicy: Fail clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ .Release.Name }} path: '/stackgres/validation/sgdistributedlogs' caBundle: {{ $cert }} admissionReviewVersions: ["v1"] {{- if .Values.allowedNamespaces }} namespaceSelector: matchLabels: stackgres.io/scope: {{ .Release.Namespace }}.{{ .Release.Name }} {{- else if .Values.allowedNamespaceLabelSelector }} namespaceSelector: matchLabels: {{ toYaml .Values.allowedNamespaceLabelSelector | nindent 8 }} {{- end }} - name: sgdbops.validating-webhook.stackgres.io sideEffects: None rules: - operations: ["CREATE", "UPDATE", "DELETE"] apiGroups: ["stackgres.io"] apiVersions: ["*"] resources: ["sgdbops"] failurePolicy: Fail clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ .Release.Name }} path: '/stackgres/validation/sgdbops' caBundle: {{ $cert }} admissionReviewVersions: ["v1"] {{- if .Values.allowedNamespaces }} namespaceSelector: matchLabels: stackgres.io/scope: {{ .Release.Namespace }}.{{ .Release.Name }} {{- else if .Values.allowedNamespaceLabelSelector }} namespaceSelector: matchLabels: {{ toYaml .Values.allowedNamespaceLabelSelector | nindent 8 }} {{- end }} - name: sgobjectstorage.validating-webhook.stackgres.io sideEffects: None rules: - operations: ["CREATE", "UPDATE", "DELETE"] apiGroups: ["stackgres.io"] apiVersions: ["*"] resources: ["sgobjectstorages"] failurePolicy: Fail clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ .Release.Name }} path: '/stackgres/validation/sgobjectstorage' caBundle: {{ $cert }} admissionReviewVersions: ["v1"] {{- if .Values.allowedNamespaces }} namespaceSelector: matchLabels: stackgres.io/scope: {{ .Release.Namespace }}.{{ .Release.Name }} {{- else if .Values.allowedNamespaceLabelSelector }} namespaceSelector: matchLabels: {{ toYaml .Values.allowedNamespaceLabelSelector | nindent 8 }} {{- end }} - name: sgscripts.validating-webhook.stackgres.io sideEffects: None rules: - operations: ["CREATE", "UPDATE", "DELETE"] apiGroups: ["stackgres.io"] apiVersions: ["*"] resources: ["sgscripts"] failurePolicy: Fail clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ .Release.Name }} path: '/stackgres/validation/sgscript' caBundle: {{ $cert }} admissionReviewVersions: ["v1"] {{- if .Values.allowedNamespaces }} namespaceSelector: matchLabels: stackgres.io/scope: {{ .Release.Namespace }}.{{ .Release.Name }} {{- else if .Values.allowedNamespaceLabelSelector }} namespaceSelector: matchLabels: {{ toYaml .Values.allowedNamespaceLabelSelector | nindent 8 }} {{- end }} - name: sgshardedclusters.validating-webhook.stackgres.io sideEffects: None rules: - operations: ["CREATE", "UPDATE", "DELETE"] apiGroups: ["stackgres.io"] apiVersions: ["*"] resources: ["sgshardedclusters"] failurePolicy: Fail clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ .Release.Name }} path: '/stackgres/validation/sgshardedcluster' caBundle: {{ $cert }} admissionReviewVersions: ["v1"] {{- if .Values.allowedNamespaces }} namespaceSelector: matchLabels: stackgres.io/scope: {{ .Release.Namespace }}.{{ .Release.Name }} {{- else if .Values.allowedNamespaceLabelSelector }} namespaceSelector: matchLabels: {{ toYaml .Values.allowedNamespaceLabelSelector | nindent 8 }} {{- end }} - name: sgshardedbackups.validating-webhook.stackgres.io sideEffects: None rules: - operations: ["CREATE", "UPDATE", "DELETE"] apiGroups: ["stackgres.io"] apiVersions: ["*"] resources: ["sgshardedbackups"] failurePolicy: Fail clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ .Release.Name }} path: '/stackgres/validation/sgshardedbackup' caBundle: {{ $cert }} admissionReviewVersions: ["v1"] {{- if .Values.allowedNamespaces }} namespaceSelector: matchLabels: stackgres.io/scope: {{ .Release.Namespace }}.{{ .Release.Name }} {{- else if .Values.allowedNamespaceLabelSelector }} namespaceSelector: matchLabels: {{ toYaml .Values.allowedNamespaceLabelSelector | nindent 8 }} {{- end }} - name: sgshardeddbops.validating-webhook.stackgres.io sideEffects: None rules: - operations: ["CREATE", "UPDATE", "DELETE"] apiGroups: ["stackgres.io"] apiVersions: ["*"] resources: ["sgshardeddbops"] failurePolicy: Fail clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ .Release.Name }} path: '/stackgres/validation/sgshardeddbops' caBundle: {{ $cert }} admissionReviewVersions: ["v1"] {{- if .Values.allowedNamespaces }} namespaceSelector: matchLabels: stackgres.io/scope: {{ .Release.Namespace }}.{{ .Release.Name }} {{- else if .Values.allowedNamespaceLabelSelector }} namespaceSelector: matchLabels: {{ toYaml .Values.allowedNamespaceLabelSelector | nindent 8 }} {{- end }} - name: sgstreams.validating-webhook.stackgres.io sideEffects: None rules: - operations: ["CREATE", "UPDATE", "DELETE"] apiGroups: ["stackgres.io"] apiVersions: ["*"] resources: ["sgstreams"] failurePolicy: Fail clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ .Release.Name }} path: '/stackgres/validation/sgstreams' caBundle: {{ $cert }} admissionReviewVersions: ["v1"] {{- if .Values.allowedNamespaces }} namespaceSelector: matchLabels: stackgres.io/scope: {{ .Release.Namespace }}.{{ .Release.Name }} {{- else if .Values.allowedNamespaceLabelSelector }} namespaceSelector: matchLabels: {{ toYaml .Values.allowedNamespaceLabelSelector | nindent 8 }} {{- end }}